Smominru
The threat actors behind the Smominru crypto mining campaign have upped their game since their operation's efficiency was harmed when cybersecurity experts managed to sinkhole a significant fraction of Smominru's network infrastructure. According to a recent analysis of computers infected by the Smominru crypto miner, the attackers have implemented several new features in their campaign:
- They now use the EternalBlue exploit to spread the Smominru payload to other vulnerable systems on the same domain.
- They use a modified version of Mimikatz to collect login credentials from compromised systems.
- Some of their payloads include a Remote Access Trojan (RAT) component.
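
For defenders, worm-style spreading over SMB usually shows up as one internal host contacting many internal peers on TCP/445 in a short time. The following is an added example, not part of the original article or of any vendor tooling: a small detector run over constructed flow records, where the record format, the 60-second window and the threshold of 10 hosts are assumptions to tune per network.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port".
SAMPLE_FLOWS = [f"{1000 + i} 10.0.5.23 10.0.5.{100 + i} 445" for i in range(12)] + [
    "1002 10.0.5.40 10.0.5.10 445",      # workstation to file server, normal
    "1030 10.0.5.40 10.0.5.10 445",
    "1005 10.0.5.41 10.0.5.10 445",
    "1400 10.0.5.41 10.0.5.11 445",      # second server, but minutes later
    "1010 10.0.5.23 93.184.216.34 443",  # not SMB, ignored
]

def parse(line):
    """Split one flow record into (timestamp, source, destination, port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, ipaddress.ip_address(dst), int(port)

def smb_fanout(lines, window_s=60, threshold=10):
    """Return {src: peak count of distinct internal TCP/445 destinations
    seen within any window_s-second span} for sources reaching threshold."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse(line)
        # Only internal SMB traffic is relevant to lateral movement.
        if port == 445 and dst.is_private:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peak in smb_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {peak} internal hosts contacted on TCP/445 within 60s")
```

Hosts that legitimately talk to many peers over SMB (backup servers, vulnerability scanners) need an allowlist before this is used for alerting.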
Credentials to Company Networks Sold on the Dark Web
In addition to these changes, the threat actors behind the project also seem to be diversifying their revenue streams by selling access to compromised networks. The marketplace for this has been set up on the Dark Web, and the attackers appear to have different pricing schemes for the infected hosts. This will not only maximize their profits but may put their victims in even more danger since an attacker with ill intentions could easily purchase access to a particular company's network and plant additional malware.
Currently, the Smominru malware is believed to persist on over 500,000 systems, but this number might rapidly increase because of the malware's newly added self-propagation abilities. Cybersecurity experts have estimated that the threat actors behind the Smominru project may have netted a little more than $3,000,000 from their Trojanized cryptocurrency mining operation and from the newly adopted strategy of selling system access on the Dark Web.
Smominru is Proof that Cryptocurrency Mining Campaigns will Continue to Evolve
Cybercriminals are evolving their strategies and improvising with new monetization techniques constantly. Even cryptocurrency miners are not that simple anymore, and the Smominru campaign serves as a good reminder of why cyber-threats should never be underestimated. Protecting your network should be your top priority – make sure to use an advanced anti-malware solution on all Internet-connected computers, and apply the latest operating system and software updates.